Student Sign In

Duration of the course :

Part Time : N/A

Full Time  : 5 Days (8 Hrs/Day)

Module I: Computer Forensics in Today’s World:

Module II: Law And Computer Forensics:

• What Is Cyber Crime?
• What Is Computer Forensics?
• Computer Facilitated Crimes.
• Reporting Security Breaches to Law Enforcement.
• National Infrastructure Protection Center.
• FBI.
• Federal Statutes.
• Cyber Laws.
• Approaches to Formulate Cyber Laws.
• Scientific Working Group on Digital Evidence (SWGDE).
• Federal Laws.
• The USA Patriot Act of 2001.
• Freedom of Information Act.
• Building Cyber Crime Case.
• How the FBI Investigates Computer Crime?
• How to Initiate an Investigation?
• Legal Issues Involved in Seizure of Computer Equipments.
• Searching With a Warrant.
• Searching Without a Warrant.
• Privacy Issues Involved in Investigations.
• International Issues Related to Computer Forensics.
• Crime Legislation of EU.
• Cyber Crime Investigation.

Module III: Computer Investigation Process:

• Investigating Computer Crime.
• Investigating a Company Policy Violation.
• Investigation Methodology.
• Evaluating the Case.
• Before the Investigation.
• Document Everything.
• Investigation Plan.
• Obtain Search Warrant.
• Warning Banners.
• Shutdown the Computer.
• Collecting the Evidence.
• Confiscation of Computer Equipments.
• Preserving the Evidence.
• Importance of Data-recovery Workstations and Software.
• Implementing an Investigation.
• Understanding Bit-stream Copies.
• Imaging the Evidence Disk.
• Examining the Digital Evidence.
• Closing the Case.
• Case Evaluation.

Module IV: Computer Security Incident Response Team:

• Present Networking Scenario
• Vulnerability
• Vulnerability Statistics
• What is an Incident?
• A Study by CERT Shows Alarming Rise in Incidents (security Breach)
• How to Identify an Incident?
• Whom to Report an Incident?
• Incident Reporting
• Category of Incidents
• Handling Incidents
• Procedure for Handling Incident
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Follow up
• What Is CSIRT?
• Why an Organization Needs an Incident Response Team?
• Need for CSIRT
• Example of CSIRT
• CSIRT Vision
• Vision
• Best Practices for Creating a CSIRT
• Step 1: Obtain Management Support and Buy-In
• Step 2: Determine the CSIRT Development Strategic
• Step 3: Gather Relevant Information
• Step 4: Design your CSIRT Vision
• Step 5: Communicate the CSIRT Vision
• Step 6: Begin CSIRT Implementation
• Step 7: Announce the CSIRT
• Other Response Teams Acronyms and CSIRTs around the world
• World CSIRT

Module V: Computer Forensic Laboratory Requirements:

• Budget Allocation for a Forensics Lab.
• Physical Location Needs of a Forensic Lab.
• Work Area of a Computer Forensics Lab.
• General Configuration of a Forensic.
• Equipment Needs in a Forensics Lab.
• Ambience of a Forensics Lab.
• Environmental Conditions.
• Recommended Eyestrain Considerations.
• Structural Design Considerations.
• Electrical Needs.
• Communications.
• Basic Workstation Requirements in a Forensic Lab.
• Consider stocking the following hardware peripherals.
• Maintain Operating System and Application Inventories.
• Common Terms.
• Physical Security Recommendations for a Forensic Lab.
• Fire-Suppression Systems.
• Evidence Locker Recommendations.
• Evidence Locker Combination Recommendations.
• Evidence Locker Padlock Recommendations.
• Facility Maintenance.
• Auditing a Computer Forensics Lab.
• Auditing a Forensics Lab.
• Forensics Lab.
• Mid-Sized Lab.
• Forensic Lab Licensing Requisite.
• Forensic Lab Manager Responsibilities.

Module VI: Understanding File systems and Hard disks:

• Disk Drive Overview - I
• Hard Disk
• Disk Platter
• Tracks
• Tracks Numbering
• Sector
• Sector Addressing
• Cluster
• Cluster Size
• Slack Space
• Lost Clusters
• Bad Sector
• Understanding File Systems
• Types of File System
• List of Disk File Systems
• List of Network file systems
• Special Purpose File systems
• Popular Linux File systems
• Sun Solaris 10 File system - ZFS
• Windows File systems
• Mac OS X File system
• CD-ROM / DVD File system
• File system Comparison
• Boot Sector
• Exploring Microsoft File Structures
• Disk Partition Concerns
• Boot Partition Concerns
• Examining FAT
• NTFS
• NTFS System Files
• NTFS Partition Boot Sector
• NTFS Master File Table (MFT)
• NTFS Attributes
• NTFS Data Stream
• NTFS Compressed Files
• NTFS Encrypted File Systems (EFS)
• EFS File Structure
• Metadata File Table (MFT)
• EFS Recovery Key Agent
• Deleting NTFS Files
• Understanding Microsoft Boot Tasks
• Windows XP system files
• Understanding Boot Sequence DOS
• Understanding MS-DOS Startup Tasks
• Other DOS Operating Systems
• Registry Data
• Examining Registry Data

Module VII: Windows Forensics:

• Locating Evidence on Windows Systems
• Gathering Volatile Evidence
• Pslist
• Forensic Tool: fport
• Forensic Tool - Psloggedon
• Investigating Windows File Slack
• Examining File Systems
• Built-in Tool: Sigverif
• Word Extractor
• Checking Registry
• Reglite.exe
• Tool: Resplendent Registrar 3.30
• Microsoft Security ID
• Importance of Memory Dump
• Manual Memory Dumping in Windows 2000
• Memory Dumping in Windows XP and Pmdump
• System State Backup
• How to Create a System State Backup?
• Investigating Internet Traces
• Tool - IECookiesView
• Tool - IE History Viewer
• Forensic Tool: Cache Monitor
• CD-ROM Bootable Windows XP
• Bart PE
• Ultimate Boot CD-ROM
• List of Tools in UB CD-ROM
• Desktop Utilities
• File Analysis Tools
• File Management Tools
• File Recovery Tools
• File Transfer Tools
• Hardware Info Tools
• Process Viewer Tools
• Registry Tools

Module VIII:  Linux and Macintosh Boot processes:

• UNIX Overview
• Linux Overview
• Understanding Volumes -I
• Exploring Unix/Linux Disk Data Structures
• Understanding Unix/linux Boot Process
• Understanding Linux Loader
• Linux Boot Process Steps
• Step 1: The Boot Manager
• Step 2: init
• Step 2.1: /etc/inittab
• runlevels
• Step 3: Services
• Understanding Permission Modes
• Unix and Linux Disk Drives and Partitioning Schemes
• Mac OS X        
• Mac OS X Hidden Files
• Booting Mac OS X
• Mac OS X Boot Options
• The Mac OS X Boot Process
• Installing Mac OS X on Windows XP
• PearPC
• MacQuisition Boot CD

Module IX: Linux Forensics:

• Use of Linux as a Forensics Tool
• Recognizing Partitions in Linux
• File System in Linux
• Linux Boot Sequence
• Linux Forensics
• Case Example
• Step-by-step approach to Case 1 (a)
• Step-by-step approach to Case 1 (b)
• Step-by-step approach to Case 1 (c)
• Step-by-step approach to Case 1 (d)
• Case 2
• Challenges in disk forensics with Linux
• Step-by-step approach to Case 2 (a)
• Step-by-step approach to Case 2 (b)
• Step-by-step approach to Case 2 (c)
• Popular Linux Tools           

Module X: Data Acquisition and Duplication:

• Determining the Best Acquisition Methods
• Data Recovery Contingencies
• MS-DOS Data Acquisition Tools
• DriveSpy
• DriveSpy Data Manipulation Commands
• DriveSpy Data Preservation Commands
• Using Windows Data Acquisition Tools
• Data Acquisition Tool: AccessData FTK Explorer
• FTK
• Acquiring Data on Linux
• dd.exe (Windows XP Version)
• Data Acquisition Tool: Snapback Exact
• Data Arrest
• Data Acquisition Tool: SafeBack
• Data Acquisition Tool: Encase
• Need for Data Duplication
• Data Duplication Tool: R-drive Image
• Data Duplication Tool: DriveLook
• Data Duplication Tool: DiskExplorer

Module XI: Recovering Deleted Files:

• Introduction
• Digital Evidence
• Recycle Bin in Windows
• Recycle Hidden Folder
• Recycle folder
• How to Un-delete a File?
• Tool: Search and Recover
• Tool: Zero Assumption Digital Image Recovery
• Data Recovery in Linux
• Data Recovery Tool: E2undel
• Data Recovery Tool: O&O Unerase
• Data Recovery Tool: Restorer 2000
• Data Recovery Tool: Badcopy Pro
• Data Recovery Tool: File Scavenger
• Data Recovery Tool: Mycroft V3
• Data Recovery Tool: PC Parachute
• Data Recovery Tool: Stellar Phoenix
• Data Recovery Tool: Filesaver
• Data Recovery Tool: Virtual Lab
• Data Recovery Tool: R-linux
• Data recovery tool: Drive and Data Recovery
• Data recovery tool: active@ UNERASER - DATA recovery
• Data recovery tool: Acronis Recovery Expert
• Data Recovery Tool: Restoration
• Data Recovery Tool: PC Inspector File Recovery

Module XII: Image Files Forensics:

• Introduction to Image Files
• Recognizing an Image File
• Understanding Bitmap and Vector Images
• Metafile Graphics
• Understanding Image File Formats
• File types
• Understanding Data Compression
• Understanding Lossless and Lossy Compression
• Locating and Recovering Image Files
• Repairing Damaged Headers
• Reconstructing File Fragments
• Identifying Unknown File Formats
• Analyzing Image File Headers
• Picture Viewer: Ifran View
• Picture Viewer: Acdsee
• Picture Viewer: Thumbsplus
• Steganography in Image Files
• Steganalysis Tool: Hex Workshop
• Steganalysis Tool: S-tools
• Identifying Copyright Issues With
  Graphics

Module XIII: Steganography:

• Introduction
• Important Terms in Stego-forensics
• Background Information to Image Steganography
• Steganography History
• Evolution of Steganography
• Steps for Hiding Information in Steganography
• Six Categories of Steganography in Forensics
• Types of Steganography
• What Is Watermarking?
• Classification of Watermarking
• Types of Watermarks
• Steganographic Detection
• Steganographic Attacks
• Real World Uses of Steganography
• Steganography in the Future
• Unethical Use of Steganography
• Hiding Information in Text Files
• Hiding Information in Image Files
• Process of Hiding Information in Image Files
• Least Significant Bit
• Masking and Filtering
• Algorithms and Transformation
• Hiding Information in Audio Files
• Low-bit Encoding in Audio Files
• Phase Coding
• Spread Spectrum
• Echo Data Hiding
• Hiding Information in DNA
• TEMPEST
• The Steganography Tree
• Steganography Tool: Fort Knox
• Steganography Tool: Blindside
• Steganography Tool: S- Tools
• Steganography Tool: Steghide
• Steganography Tool: Digital Identity
• Steganography Tool: Stegowatch
• Tool : Image Hide
• Data Stash
• Tool: Mp3Stego
• Tool: Snow.exe
• Tool: Camera/Shy
• Steganography Detection

Module XIV: Computer Forensic Tools:

• Dump Tool:  DS2DUMP
• Dump Tool: Chaosreader
• Slack Space & Data Recovery Tools: Drivespy
• Slack Space & Data Recovery Tools: Ontrack
• Hard Disk Write Protection Tools: Pdblock
• Hard Disk Write Protection Tools: Nowrite & Firewire Drivedock
• Permanent Deletion of Files:pdwipe
• Disk Imaging Tools: Image & Iximager
• Disk Imaging Tools: Snapback Datarrest
• Partition Managers: PART & Explore2fs
• Linux/unix Tools: Ltools and Mtools
• Linux/UNIX tools: TCT and TCTUTILs
• Password Recovery Tool: @Stake
• ASRData
• SMART Screenshot
• Ftime
• Oxygen Phone Manager
• Multipurpose Tools: Byte Back  & Biaprotect
• Multipurpose Tools: Maresware
• Multipurpose Tools: LC Technologies Software
• Multipurpose Tools: Winhex Specialist Edition
• Multipurpose Tools: Prodiscover DFT
• Toolkits: NTI tools
• Toolkits: R-Tools-I
• Toolkits: R-Tools-II
• Toolkits: DataLifter
• Toolkits: AccessData
• LC Technology International Hardware
• Screenshot of Forensic Hardware
• Image MASSter Solo  and FastBloc
• RMON2 Tracing Tools and
  MCI DoStracker
• EnCase

Module XV: Application password crackers:

• Password - Terminology
• What is a Password Cracker?
• How Does A Password Cracker Work?
• Various Password Cracking Methods
• Classification of Cracking Software
• System Level  Password Cracking
• Application Password Cracking
• Application Software Password Cracker
• Distributed Network Attack-I
• Distributed Network Attack-II
• Passware Kit
• Accent Keyword Extractor
• Advanced Zip Password Recovery
• Default Password Database
• http://phenoelit.darklab.org/
• http://www.defaultpassword.com/
• http://www.cirt.net/cgi-bin/passwd.pl
• Password Cracking Tools List

Module XVI: Investigating Logs:

• Audit Logs and Security
• Audit Incidents
• Syslog
• Remote Logging
• Linux Process Accounting
• Configuring Windows Logging
• Setting up Remote Logging in Windows
• NtSyslog
• EventReporter
• Application Logs
• Extended Logging in IIS Server
• Examining Intrusion and Security Events
• Significance of Synchronized Time
• Event Gathering
• EventCombMT
• Writing Scripts
• Event Gathering Tools
• Forensic Tool: Fwanalog
• End-to End Forensic Investigation
• Correlating Log files
• Investigating TCPDump
• IDS Loganalyais:RealSecure
• IDS Loganalysis :SNORT

Module XVII:  Investigating network traffic:

• Overview of Network Protocols
• Sources of Evidence on a Network
• Overview of Physical and Data-link Layer of the OSI Model
• Evidence Gathering at the Physical Layer
• Tool: Windump
• Evidence Gathering at the Data-link Layer
• Tool: Ethereal
• Tool: NetIntercept
• Overview of Network and Transport Layer of the OSI Model
• Evidence Gathering at the Network and Transport Layer-(I)
• Gathering Evidence on a Network
• GPRS Network Sniffer : Nokia LIG
• NetWitness
• McAffee Infinistream Security Forensics
• Snort 2.1.0
• Documenting the Gathered Evidence on a Network
• Evidence Reconstruction for Investigation

Module XVIII: Router Forensics:

• What Is a Router?
• Functions of a Router
• A Router in an OSI Model
• Routing Table and its Components
• Router Architecture
• Implications of a Router Attack
• Types of Router Attacks
• Denial of Service (DoS) Attacks
• Investigating Dos Attacks
• Smurfing – Latest in Dos Attacks
• Packet “Mistreating” Attacks
• Routing Table Poisoning
• Hit-and-run Attacks Vs. Persistent Attacks
• Router Forensics Vs. Traditional Forensics
• Investigating Routers
• Chain of Custody
• Incident Response & Session Recording
• Accessing the Router
• Volatile Evidence Gathering
• Router Investigation Steps - I
• Analyzing the Intrusion
• Logging
• Incident Forensics
• Handling a Direct Compromise Incident
• Other Incidents

Module XIX: Investigating Web Attacks

• Indications of a web attack
• Responding to a web attack
• Overview of web logs
• Mirrored Sites
• N-Stealth
• Investigating static and dynamic IP address
• Tools for locating IP Address: Nslookup
• Tools for locating IP Address: Traceroute